I am experiencing problems adding a user (e.g. smbadmin) to the "Domain Admins" group on my samba-PDC using the ldapsam backend.
When I add "Domain Admins" as a supplementary group, the Windows 2000 client doesn't treat smbadmin as an admin. However, using "Domain Admins" as the primary group (including setting sambaPrimaryGroupSID to "$SID-512") works as expected: the user has administrative rights. Additional information is attached below.
Is this a limitation or have I missed anything?
Thanks in advance, --leo
P.S.:
showgrps from the Resource Kit shows "Domain Admins" regardless of whether "Domain Admins" is a primary or supplemental group.
# net groupmap list verbose ntgroup="Domain Admins"
Domain Admins
SID : S-1-5-21-181998944-1107627502-2274996074-512
Unix group: domadmins
Group type: Domain group
Comment :
-------------------- snipp! --------------------
This setup works (primary group):
# net user INFO smbadmin
root password:
Domain Admins
rk
# ldapsearch -x -h localhost -b 'dc=rk-klbg,dc=at' '(uid=smbadmin)'
[...]
# smbadmin, Users, rk-klbg, at
dn: uid=smbadmin,ou=Users,dc=rk-klbg,dc=at
sn: smbadmin
homeDirectory: /home/smbadmin
loginShell: /bin/bash
gecos: System User
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: smbadmin
uidNumber: 1011
uid: smbadmin
description: System User
mail: Samba.Admin
sambaSID: S-1-5-21-181998944-1107627502-2274996074-3022
sambaAcctFlags: [UX]
sambaPwdCanChange: 2147483647
sambaLogonTime: 0
sambaNTPassword: 957191BA4FCD635074D6D691E76E5512
sambaPwdLastSet: 0
sambaLogoffTime: 2147483647
sambaLMPassword: 14AC900E269621D293E28745B8BF4BA6
sambaKickoffTime: 2147483647
gidNumber: 800
sambaPrimaryGroupSID: S-1-5-21-181998944-1107627502-2274996074-512
-------------------- snipp! --------------------
This setup doesn't work ("Domain Admins" is a supplementary group):
# net user INFO smbadmin
root password:
rk
Domain Admins
# ldapsearch -x -h localhost -b 'dc=rk-klbg,dc=at' '(uid=smbadmin)'
[...]
# smbadmin, Users, rk-klbg, at
dn: uid=smbadmin,ou=Users,dc=rk-klbg,dc=at
sn: smbadmin
homeDirectory: /home/smbadmin
loginShell: /bin/bash
gecos: System User
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: smbadmin
uidNumber: 1011
uid: smbadmin
description: System User
mail: Samba.Admin
sambaSID: S-1-5-21-181998944-1107627502-2274996074-3022
sambaAcctFlags: [UX]
sambaPwdCanChange: 2147483647
sambaLogonTime: 0
sambaNTPassword: 957191BA4FCD635074D6D691E76E5512
sambaPwdLastSet: 0
sambaLogoffTime: 2147483647
sambaLMPassword: 14AC900E269621D293E28745B8BF4BA6
sambaKickoffTime: 2147483647
gidNumber: 1000
sambaPrimaryGroupSID: S-1-5-21-181998944-1107627502-2274996074-3001
--
-----------------------------------------------------------------------
Alexander (Leo) Bergolth [EMAIL PROTECTED]
WU-Wien - Zentrum fuer Informatikdienste http://leo.wu-wien.ac.at
Computers are like air conditioners - they stop working properly when you open Windows
